CN115033912A - Block chain-based medical data cross-device anonymous verification method, device and equipment - Google Patents

Publication number: CN115033912A
Authority: CN (China)
Prior art keywords: proxy, signature, medical data, group, agent
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202210419459.XA
Other languages: Chinese (zh)
Other versions: CN115033912B (en)
Inventors: 李朝阳, 孟令显, 单要楠, 许振华, 王艳青
Current Assignee: Zhengzhou University of Light Industry (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Zhengzhou University of Light Industry
Application filed by: Zhengzhou University of Light Industry
Priority to: CN202210419459.XA
Publication of: CN115033912A
Application granted; publication of: CN115033912B
Current legal status: Active

Classifications

    • G06F21/6245: Protecting personal data, e.g. for financial or medical purposes
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures
    • G16H10/60: ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
    • H04L63/0884: Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

The invention provides a blockchain-based method, device and equipment for cross-device anonymous verification of medical data, addressing the difficulty of verification and the leakage of private information when medical data is shared and transmitted among different smart medical devices. The method comprises the following steps: electronic health records collected by different smart medical devices form medical data reflecting the health condition of a patient; the subject group of the smart medical devices grants proxy authority to one group member, who proxy-signs the medical data on behalf of the subject group; a verifier verifies the validity of the proxy signature, and no smart medical device subject in the subject group can deny the validity of a proxy signature that passes verification; and the verified medical data is stored in a public blockchain ledger in the form of a transaction. The method achieves anonymous verification by multiple device subjects during medical data storage and improves the security of the patient's private information.

Description

Block chain-based medical data cross-device anonymous verification method, device and equipment
Technical Field
The invention relates to the technical field of blockchain, in particular to a method, a device and equipment for cross-equipment anonymous verification of medical data based on blockchain.
Background
In a group signature scheme, a group signs one message, but to avoid the complexity of every group member signing one by one, only a single group member needs to sign on behalf of the group. The resulting signature carries the force of a signature by the group, and no group member can deny its validity. At the same time, the signature does not reveal which member of the group produced it, so the anonymity of the signer is effectively guaranteed. Group signatures are therefore well suited to the problem that medical data is difficult for multiple device subjects to verify: they allow multiple device subjects to verify medical data legitimately, and they protect privacy by hiding the signer's information.
Disclosure of Invention
To address the difficulty of verification and the leakage of private information when medical data is shared and transmitted among different smart medical devices, the invention provides a blockchain-based method, device and equipment for anonymous verification of medical data. Medical data carrying a legal proxy signature cannot be denied by the members of the device subject group, which provides a reliable guarantee for the security of the medical data and of sensitive information. In addition, the medical data and operation records are recorded on a public blockchain ledger, which effectively addresses accidental loss of and tampering with the medical data.
The technical solution of the invention is realized as follows:
A blockchain-based method for cross-device anonymous verification of medical data comprises the following steps:
S100: electronic health records collected by different smart medical devices form medical data reflecting the health condition of a patient;
S200: the subject group of the smart medical devices grants proxy authority to one group member, who proxy-signs the medical data on behalf of the subject group;
S300: a verifier verifies the validity of the proxy signature, and no smart medical device subject in the subject group can deny the validity of a proxy signature that passes verification;
S400: the verified medical data is stored in a public blockchain ledger in the form of a transaction.
Preferably, proxy authorization means: before the subject group of the smart medical devices signs the generated medical data, a proxy signer representing the whole subject group is selected, proxy authorization is granted to the proxy signer, and a proxy certificate is issued;
signing of the medical data means: the proxy signer uses the proxy certificate to generate a proxy public key and a proxy private key, publishes the proxy public key, and signs the medical data with the proxy private key to generate the medical data signature;
verification of the medical data means: the verifier verifies the validity of the medical data signature using the published proxy public key; a signature that passes verification is a valid proxy signature, and an illegal proxy signature that fails verification is discarded;
recording of the medical data means: the verified, valid medical data is recorded in the public blockchain ledger in the form of a transaction, forming a tamper-proof record.
Preferably, the subject group of the smart medical devices allows new device subject members to join freely, as follows:
S101: a new device subject member sends registration information to the group manager of the subject group to obtain a corresponding member certificate;
specifically, the new device subject member first randomly selects two secret parameters
Figure BDA0003606300270000021
where
Figure BDA0003606300270000022
is a bimodal Gaussian distribution; second, it calculates
Figure BDA0003606300270000023
and
Figure BDA0003606300270000024
where
Figure BDA0003606300270000025
is the new member's private key and B is the group public key; then it selects an expiration date and time
Figure BDA0003606300270000026
and sends the registration information
Figure BDA0003606300270000027
to the group manager;
S102: the group manager uses the registration information of the new device subject member to generate a member certificate containing an expiration date and time, and returns the member certificate to the new device subject member;
specifically, the group manager first calculates $r_i \leftarrow \mathrm{SampleD}(S_A, A, qz_{i2})$, $\mathrm{Token}_i = A \cdot r_i$ and
Figure BDA0003606300270000028
where $S_A$ is the group master key, $A$ is the group public key, and $q$ and $\sigma_2$ are system parameters; second, it randomly selects a parameter $a \in \{0,1\}^n$ and calculates
Figure BDA0003606300270000029
then the group manager publishes the registration information of the new device subject member
Figure BDA00036063002700000210
and the member certificate
Figure BDA00036063002700000211
Preferably, the subject group of the smart medical devices grants proxy authority to one group member, who proxy-signs the medical data on behalf of the subject group, as follows:
S201: the group manager randomly generates a proxy certificate and sends it to the proxy signer;
specifically, the group manager first randomly selects a parameter
Figure BDA0003606300270000031
and random bits $b \in \{0,1\}^n$; second, it calculates
Figure BDA0003606300270000032
and
Figure BDA0003606300270000033
then it sends the proxy certificate
Figure BDA0003606300270000034
to the proxy signer;
S202: the proxy signer uses the received proxy certificate to generate the proxy public and private keys used for signing;
specifically, the proxy signer first verifies the validity of the proxy certificate: if the parameters in the proxy certificate
Figure BDA0003606300270000035
satisfy
Figure BDA0003606300270000036
and
Figure BDA0003606300270000037
or the parameters
Figure BDA0003606300270000038
satisfy
Figure BDA0003606300270000039
and
Figure BDA00036063002700000310
the proxy authorization is unsuccessful and must be carried out again; if the parameters
Figure BDA00036063002700000311
and
Figure BDA00036063002700000312
meet the above requirements, and
Figure BDA00036063002700000313
and
Figure BDA00036063002700000314
both hold, the proxy authorization is successful; then the proxy signer calculates $M \leftarrow H_1(W_{A \to B})$, $A_P = U_i * M^T$ and
Figure BDA00036063002700000315
where $A_P$ is the proxy public key and $S_P$ is the proxy private key;
S203: the proxy signer signs the message to be signed using the generated proxy public and private keys;
specifically, the proxy signer first verifies whether the signature deadline and time satisfy
Figure BDA00036063002700000316
second, it calculates
Figure BDA00036063002700000317
and randomly selects a parameter $b \in \{0,1\}^n$ to calculate
Figure BDA00036063002700000318
then it publishes the signature of the message $m$
Figure BDA00036063002700000319
Preferably, the verifier verifies the validity of the proxy signature as follows:
S301: the verifier verifies the validity of the signature;
specifically, the verifier first verifies whether the signature term and time satisfy $t_v < t_s$ and
Figure BDA00036063002700000320
where $t_v$ is the current signature verification time; second, it verifies the signed message: if the signature $e_i$ satisfies $\|e_i\| > T_1$ and $\|e_i\| > q/4$, the signature is illegal and signing must be carried out again; if the signature $e_i$ meets the above requirements and
Figure BDA00036063002700000321
holds, the signature is legal;
S302: an opening algorithm is used to verify that the signature $e_i$ was signed by the proxy signer;
specifically, the verifier calculates
Figure BDA00036063002700000322
and if $r_i' = r_i$ is satisfied, this proves that the signature was indeed signed by the proxy signer. The opening algorithm is executed only in special circumstances where the signer's identity must be determined, to establish which member of the device subject group produced the signature; in general, however, the verifier can only verify that the proxy signature is a legal signature of the device subject group and cannot determine which member of the group produced it, which protects the privacy and security of the signer.
A blockchain-based device for cross-device anonymous verification of medical data comprises a data collection module, a proxy authorization module, a data signature module and a data verification module;
the data collection module is used by the smart medical devices to collect electronic health records through monitoring and to assemble them into the medical data reflecting the health condition of the patient;
the proxy authorization module is used to select the proxy signer from the subject group of the smart medical devices, authorize the proxy signer and issue the proxy certificate;
the data signature module is used by the proxy signer to generate a proxy public key and a proxy private key from the proxy certificate, sign the medical data with the proxy private key, and publish the proxy public key;
the data verification module is used by the verifier to verify the validity of the medical data proxy signature using the published proxy public key.
A computer device comprises a computer-readable storage medium and a processor, which load and execute the blockchain-based medical data anonymous verification method.
Preferably, the computer-readable storage medium stores a computer program comprising program instructions that are loaded by the processor to execute the blockchain-based medical data anonymous verification method.
Compared with the prior art, the invention has the following beneficial effects: a blockchain-based model for anonymous verification of medical data by multiple device subjects is established, in which a single member can sign on behalf of the device subject group, effectively reducing the complexity of having multiple device subjects sign one by one; the proxy signature is a signature of the whole group and the specific signer cannot be determined, which effectively protects the privacy and security of the proxy signer; no member of the group can deny the validity of a legal proxy signature; and the verified, legal medical data is recorded in the public blockchain ledger, improving storage security and tamper resistance.
Drawings
To illustrate the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly introduced below. The drawings described below show only some embodiments of the invention; a person skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flow chart of the invention;
FIG. 2 shows the smart medical devices and the subject group of the invention;
FIG. 3 is a flow chart of blockchain-based anonymous verification of medical data according to the invention;
FIG. 4 is a block diagram of the medical data anonymous verification device of the invention.
Detailed Description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments that a person skilled in the art can derive from the embodiments given here without inventive effort fall within the scope of the invention.
Embodiment 1: as shown in FIG. 1, a blockchain-based method for cross-device anonymous verification of medical data comprises:
S100: electronic health records collected by different smart medical devices form medical data reflecting the health condition of a patient. The smart medical devices include personal wearable medical devices, such as health bracelets, smart sleep systems and skin sensors; household smart measuring instruments, such as sphygmomanometers, blood glucose meters and blood lipid testers; and the various smart medical devices used in medical institutions, such as smart image analysis.
The electronic health records collected by the different smart medical devices include the blood pressure, blood oxygen, heart rate and similar readings monitored in the patient's daily life, as well as the various electronic health records obtained from different examinations in medical institutions; together they form the medical data reflecting the health condition of the patient.
The medical data is the patient's personal data asset, and the patient can authorize review of the medical data at the time of a visit to assist diagnosis. The patient can also choose to share their own medical data in a public medical system, provided personal private information is hidden, in which case the medical data is recorded in a public blockchain ledger for query and use.
S200: the subject group of the smart medical devices grants proxy authority to one group member, who proxy-signs the medical data on behalf of the subject group. Proxy authorization means: before the subject group of the smart medical devices signs the generated medical data, a proxy signer representing the whole subject group is selected, proxy authorization is granted to the proxy signer, and a proxy certificate is issued. Signing of the medical data means: the proxy signer uses the proxy certificate to generate a proxy public key and a proxy private key, publishes the proxy public key, and signs the medical data with the proxy private key to generate the medical data signature.
S300: the verifier verifies the validity of the proxy signature, and no smart medical device subject in the subject group can deny the validity of a proxy signature that passes verification. Verification of the medical data means: the verifier verifies the validity of the medical data signature using the published proxy public key; a signature that passes verification is a valid proxy signature, and an illegal proxy signature that fails verification is discarded.
S400: the verified medical data is stored in a public blockchain ledger in the form of a transaction, forming a tamper-proof record. Recording of the medical data means: the verified, valid medical data is recorded in the public blockchain ledger in the form of a transaction, forming a tamper-proof record.
As shown in FIG. 2, the smart medical devices and their subject group consist of the smart medical devices owned by the patient and used to collect the individual's daily electronic health records, the trusted smart medical devices in medical institutions such as hospitals, and the subject group of the smart medical devices involved in generating the patient's medical data. The subject group of the smart medical devices is the group formed by the owners or operators of the smart medical devices; it is responsible not only for data collection but also takes part in the verification of medical data in the system.
The proxy signer is a member of the subject group of the smart medical devices and acts as the agent who signs the medical data on behalf of the subject group.
The signature verifier is the person who verifies the medical data proxy signature and is responsible for judging the validity of the proxy signature.
The blockchain ledger records the medical data that has been verified as legal, and stores operation records for the medical data such as storage and use.
Based on the smart medical devices and subject group shown in FIG. 2, FIG. 3 shows the blockchain-based anonymous verification process for medical data. First, the subject group of the smart medical devices allows new members to join freely, and a new device subject enters the existing group through the joining mechanism; second, the device subject group selects a proxy signer to sign on behalf of the group; then the proxy signer generates the proxy public and private keys using the proxy certificate and signs the medical data with the private key; finally, the signed transaction is verified and, if it is verified as legal, uploaded to the blockchain ledger.
A new device subject member registers as a member of the subject group of the smart medical devices as follows:
S101: the new device subject member sends a registration message to the group manager of the subject group to obtain a corresponding member certificate;
specifically, the new device subject member first randomly selects two secret parameters
Figure BDA0003606300270000061
where
Figure BDA0003606300270000062
is a bimodal Gaussian distribution; second, it calculates
Figure BDA0003606300270000063
and
Figure BDA0003606300270000064
where
Figure BDA0003606300270000065
is the new member's private key and B is the group public key; then it selects an expiration date and time
Figure BDA0003606300270000066
and sends the registration information
Figure BDA0003606300270000067
to the group manager.
S102: the group manager uses the registration information of the new device subject member to generate a member certificate containing an expiration date and time, and returns the member certificate to the new device subject member;
specifically, the group manager first calculates $r_i \leftarrow \mathrm{SampleD}(S_A, A, qz_{i2})$, $\mathrm{Token}_i = A \cdot r_i$ and
Figure BDA0003606300270000068
where $S_A$ is the group master key, $A$ is the group public key, and $q$ and $\sigma_2$ are system parameters; second, it randomly selects a parameter $a \in \{0,1\}^n$ and calculates
Figure BDA0003606300270000069
then the group manager publishes the registration information of the new device subject member
Figure BDA00036063002700000610
and the member certificate
Figure BDA00036063002700000611
The smart medical device group selects one member as the proxy signer and authorizes it as proxy to sign on behalf of the group.
The specific procedure is as follows:
S201: the group manager randomly generates a proxy certificate and sends it to the proxy signer;
specifically, the group manager first randomly selects a parameter
Figure BDA00036063002700000612
and random bits $b \in \{0,1\}^n$; second, it calculates
Figure BDA00036063002700000613
and
Figure BDA00036063002700000614
then it sends the proxy certificate
Figure BDA00036063002700000615
to the proxy signer.
S202: the proxy signer uses the received proxy certificate to generate the proxy public and private keys used for signing;
specifically, the proxy signer first verifies the validity of the proxy certificate: if the parameters in the proxy certificate
Figure BDA00036063002700000616
satisfy
Figure BDA00036063002700000617
and
Figure BDA0003606300270000071
or the parameters
Figure BDA0003606300270000072
satisfy
Figure BDA0003606300270000073
and
Figure BDA0003606300270000074
the proxy authorization is unsuccessful and must be carried out again; if the parameters
Figure BDA0003606300270000075
and
Figure BDA0003606300270000076
meet the above requirements, and
Figure BDA0003606300270000077
and
Figure BDA0003606300270000078
both hold, the proxy authorization is successful; then the proxy signer calculates $M \leftarrow H_1(W_{A \to B})$, $A_P = U_i * M^T$ and
Figure BDA0003606300270000079
where $A_P$ is the proxy public key and $S_P$ is the proxy private key.
S203: the proxy signer signs the message to be signed using the generated proxy public and private keys;
specifically, the proxy signer first verifies whether the signature deadline and time satisfy
Figure BDA00036063002700000710
second, it calculates
Figure BDA00036063002700000711
and randomly selects a parameter $b \in \{0,1\}^n$ to calculate
Figure BDA00036063002700000712
then it publishes the signature of the message $m$
Figure BDA00036063002700000713
The verifier verifies the validity of the proxy signature using information such as the system public key and the proxy public key.
The specific procedure is as follows:
S301: the verifier verifies the validity of the signature;
specifically, the verifier first verifies whether the signature term and time satisfy $t_v < t_s$ and
Figure BDA00036063002700000714
where $t_v$ is the current signature verification time; second, it verifies the signed message: if the signature $e_i$ satisfies $\|e_i\| > T_1$ and $\|e_i\| > q/4$, the signature is illegal and signing must be carried out again; if the signature $e_i$ meets the above requirements and
Figure BDA00036063002700000715
holds, the signature is legal.
S302: an opening algorithm is used to verify that the signature $e_i$ was signed by the proxy signer;
specifically, the verifier calculates
Figure BDA00036063002700000716
and if $r_i' = r_i$ is satisfied, this proves that the signature was signed by the proxy signer. The opening algorithm is executed only in special circumstances where the signer's identity must be determined, to establish which member of the device subject group produced the signature; in general, however, the verifier can only verify that the proxy signature is a legal signature of the device subject group and cannot determine which member of the group produced it, which protects the privacy and security of the signer.
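The deadline and norm-bound gate of step S301, as an added Python example that is not code from the patent. The verification equation itself survives on this page only as a missing image and is not modelled; the function names, the sample values, the reading of the two norms as the Euclidean norm (bound T_1) and the infinity norm (bound q/4), and rejection when either bound is exceeded are assumptions of this example.

```python
"""Deadline and range gate that precedes the algebraic check in step S301.

Added illustration only. Assumptions (not stated on the page):
  * the bound T_1 applies to the Euclidean norm of the signature vector,
  * the bound q/4 applies to its infinity norm,
  * exceeding either bound rejects the signature,
  * t_v and t_s are integer timestamps in the same unit.
"""
from typing import Sequence, Tuple


def centered(x: int, q: int) -> int:
    """Return the representative of x mod q in the interval (-q/2, q/2]."""
    r = x % q
    return r - q if r > q // 2 else r


def precheck_signature(
    e: Sequence[int], q: int, t1: int, t_v: int, t_s: int
) -> Tuple[bool, str]:
    """Apply the S301 gate to a signature vector e with coefficients mod q.

    Returns (True, "ok") only if the signature term has not passed and both
    norm bounds hold; otherwise (False, reason). Verification is fail-closed:
    anything that cannot be checked is rejected.
    """
    # Time condition from the page: verification time must precede t_s.
    if not t_v < t_s:
        return False, "expired"

    # Reject empty vectors and non-integer coefficients before doing math.
    if q < 2 or not e or any(
        isinstance(c, bool) or not isinstance(c, int) for c in e
    ):
        return False, "malformed"

    # Norms are only meaningful on centered representatives: a coefficient
    # stored as q-1 is really -1 and must not count as a large value.
    coeffs = [centered(c, q) for c in e]

    # Euclidean bound, compared on squares to stay in exact integer arithmetic.
    if sum(c * c for c in coeffs) > t1 * t1:
        return False, "l2-bound"

    # Infinity-norm bound: max |c| > q/4, written as 4*max|c| > q.
    if 4 * max(abs(c) for c in coeffs) > q:
        return False, "linf-bound"

    return True, "ok"


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    Q, T1, T_S = 12289, 10, 1_700_000_000
    samples = {
        "small vector stored mod q": ([12288, 3, 12280], T1, T_S - 60),
        "same vector, tighter T_1": ([12288, 3, 12280], 9, T_S - 60),
        "one oversized coefficient": ([4000, 0, 0], 5000, T_S - 60),
        "verified after the term": ([1, 2, 3], T1, T_S),
    }
    for label, (vec, bound, now) in samples.items():
        print(label, "->", precheck_signature(vec, Q, bound, now, T_S))
```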
Embodiment 2: on the basis of the blockchain-based medical data anonymous verification process shown in fig. 3, fig. 4 shows a blockchain-based medical data anonymous verification apparatus, which includes a data collection module, a proxy authorization module, a data signature module, and a data verification module. The electronic medical record collected by the intelligent medical equipment is signed by a representative of the device subject group and then verified by the verifier, forming a tamper-proof transaction record that is recorded in the blockchain ledger. Here, the proxy group signature effectively protects the personal privacy information of the signer who signs on behalf of the group. Meanwhile, the verifier can verify that the proxy signature is a legal signature from the group but cannot determine which member of the group produced it, i.e. the anonymity of the signer is guaranteed. The modules are described in detail as follows:
The data collection module: the intelligent medical equipment collects electronic health records through monitoring. These include the daily personal health status information collected by the patient's wearable intelligent medical devices, the test result information recorded by other intelligent medical equipment when the patient visits a hospital, and data such as the diagnostic information given by the doctor during the visit. Health data relating to the patient's condition are collected into the account of the device subject held by the patient and aggregated as the medical data reflecting the patient's health condition.
The proxy authorization module is used for selecting the proxy signer from the device subject group, authorizing the proxy signer, and issuing the proxy certificate. The proxy authorization process establishes the legitimacy of the proxy signer, a group member selected to exercise the right to sign on behalf of the device subject group; the generated signature has the same effect as if all group members had signed together. In turn, the group members cannot deny a legitimate proxy signature produced by the proxy signer.
The data signature module is used by the proxy signer to generate the proxy public and private keys from the proxy certificate, to sign the medical data information using the proxy public key, and to publish the proxy public key. The proxy private key used by the proxy signer contains both personal information and group information derived from the proxy certificate. The resulting medical data signature is therefore made both on behalf of the individual and on behalf of the group.
The data verification module is used by the verifier to verify the validity of the medical data proxy signature using the published proxy public key. By verifying the validity of the signature, the verifier determines whether the proxy signature is a signature of the device subject group. If the verification passes, the transaction containing the medical data is valid and can be registered in the blockchain ledger; if the verification fails, the medical data signature is illegal and a party tampering with the signature may exist, so the signature process is terminated immediately and the verification of that piece of medical data is performed again.
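The four modules above, as an added sketch that is not the patent's construction: a classical warrant-based Schnorr proxy signature stands in for the lattice proxy group signature, over toy parameters that are insecure by design. All names here (`issue_proxy_cert`, `proxy_sign`, `verify_and_record`, `open_signature`, the warrant fields, the in-memory registry and ledger) are assumptions made for illustration.

```python
import hashlib, json, secrets

# Toy parameters (constructed, insecure): integers modulo the Mersenne prime 2^127 - 1.
P, G = (1 << 127) - 1, 3
N = P - 1  # exponents are reduced modulo the group order

def H(*parts):
    """Hash the given fields to an exponent."""
    data = json.dumps(parts, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def keygen():
    x = secrets.randbelow(N - 1) + 1
    return x, pow(G, x, P)

def sign(x, msg):
    """Schnorr signature (R, s) with s = k + x * H(msg, R) mod N."""
    k = secrets.randbelow(N - 1) + 1
    R = pow(G, k, P)
    return R, (k + x * H(msg, R)) % N

def verify(Y, msg, sig):
    R, s = sig
    return pow(G, s, P) == R * pow(Y, H(msg, R), P) % P

def issue_proxy_cert(x_group, member_id, expires, registry):
    """Group manager: sign a warrant that names no member; keep the link for opening."""
    warrant = {"scope": "sign medical data for the group", "expires": expires}
    R, s = sign(x_group, warrant)
    registry[R] = member_id  # manager-only record (assumed storage)
    return {"warrant": warrant, "R": R, "s": s}

def proxy_sign(cert, Y_group, record):
    """Proxy signer: check the certificate, then sign with the proxy private key s."""
    if not verify(Y_group, cert["warrant"], (cert["R"], cert["s"])):
        raise ValueError("invalid proxy certificate: request authorization again")
    return {"record": record, "warrant": cert["warrant"], "R": cert["R"],
            "sig": sign(cert["s"], record)}

def verify_and_record(Y_group, tx, now, ledger):
    """Verifier: check the validity window, verify, then append to the ledger."""
    if now >= tx["warrant"]["expires"]:
        return False
    h = H(tx["warrant"], tx["R"])
    A_P = tx["R"] * pow(Y_group, h, P) % P  # proxy public key g^s from public values
    if not verify(A_P, tx["record"], tx["sig"]):
        return False  # illegal proxy signature is discarded
    prev = ledger[-1]["hash"] if ledger else "0" * 64
    digest = hashlib.sha256(json.dumps([prev, tx], sort_keys=True).encode()).hexdigest()
    ledger.append({"prev": prev, "tx": tx, "hash": digest})
    return True

def open_signature(registry, tx):
    """Group manager only: map a signature back to the member who produced it."""
    return registry.get(tx["R"])
```

Because the warrant names no member, the verifier learns only that the group authorized the signature, and the manager's registry plays the role of the opening step. Unlike a real group signature, the value R is a linkable pseudonym across all signatures made under one certificate.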
Embodiment 3: a computer device comprising a computer-readable storage medium and a processor, wherein the computer-readable storage medium and the processor load and execute a blockchain-based on-chain/off-chain medical data sharing method. The computer-readable storage medium stores a computer program comprising program instructions that are loaded by the processor to execute the blockchain-based on-chain/off-chain medical data sharing method.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and should not be taken as limiting the scope of the present invention, and any modifications, equivalents, improvements and the like that are made within the spirit and scope of the present invention should be included in the present invention.

Claims (8)

1. A cross-device anonymous authentication method for medical data based on a blockchain is characterized by comprising the following steps:
S100, forming medical data reflecting the health condition of a patient from electronic health records acquired by different intelligent medical equipment;
S200, the subject group of the intelligent medical equipment authorizing the proxy authority of a group member, who carries out a proxy signature on the medical data on behalf of the subject group;
S300, the verifier carrying out validity verification on the proxy signature, wherein no intelligent medical equipment subject in the subject group can deny the validity of a proxy signature that passes the verification;
and S400, storing the validated medical data in an open blockchain ledger in the form of a transaction.
2. The blockchain-based anonymous authentication method for medical data across devices according to claim 1, wherein the proxy authorization means: before the subject group of the intelligent medical equipment signs the generated medical data, a proxy signer representing the whole subject group of the intelligent medical equipment is selected, proxy authorization is carried out on the proxy signer, and a proxy certificate is issued;
the signature of the medical data refers to: the proxy signer generates a proxy public key and a proxy private key by using the proxy certificate, publishes the proxy public key, signs the medical data information by using the proxy private key, and generates the medical data signature;
the verification of the medical data means: the verifier verifies the validity of the medical data signature by using the published proxy public key; a signature that passes the verification is a legal proxy signature; an illegal proxy signature that cannot pass the verification is discarded;
the recording of medical data refers to: the medical data information that has been verified as valid is recorded in the public blockchain ledger in the form of a transaction to form a tamper-proof record.
3. The method for cross-device anonymous authentication of medical data based on blockchain according to claim 1 or 2, wherein the subject group of the smart medical device allows a new subject member to freely join, and the specific operation method is as follows:
S101: a new device subject member sends registration information to the group manager of the subject group to obtain a corresponding member certificate; specifically, the new device subject member first randomly selects two secret parameters
Figure FDA0003606300260000011
wherein
Figure FDA0003606300260000012
is a bimodal Gaussian distribution; secondly, calculates
Figure FDA0003606300260000013
and
Figure FDA0003606300260000014
wherein
Figure FDA0003606300260000015
is the new member private key and B is the group public key; then selects an expiration date and time
Figure FDA0003606300260000016
and sends the registration information
Figure FDA0003606300260000017
to the group manager;
S102: the group manager generates a member certificate containing an expiration date and time by using the registration information of the new device subject member, and returns the member certificate to the new device subject member;
specifically, the group manager first calculates r_i ← SampleD(S_A, A, qz i2), Token_i = A·r_i and
Figure FDA0003606300260000021
wherein S_A is the group master key, A is the group public key, and q and σ 2 are system parameters; secondly, randomly selects a parameter a ∈ {0,1}^n and calculates
Figure FDA0003606300260000022
the group manager then publishes the registration information of the new device subject member
Figure FDA0003606300260000023
and the member certificate
Figure FDA0003606300260000024
4. The method of claim 3, wherein the group of subjects of the smart medical device authorizes proxy authority of a group member, and proxy signing the medical data on behalf of the group of subjects comprises:
S201: the group manager randomly generates a proxy certificate and sends the proxy certificate to the proxy signer;
specifically, the group manager randomly selects a parameter
Figure FDA0003606300260000025
and a random bit b ∈ {0,1}^n; secondly, calculates
Figure FDA0003606300260000026
and
Figure FDA0003606300260000027
then sends the proxy certificate
Figure FDA0003606300260000028
to the proxy signer;
S202: the proxy signer generates the proxy public and private keys for signing by using the received proxy certificate;
specifically, the proxy signer first verifies the validity of the proxy certificate: if the parameters in the proxy certificate
Figure FDA0003606300260000029
satisfy
Figure FDA00036063002600000210
and
Figure FDA00036063002600000211
or the parameters
Figure FDA00036063002600000212
satisfy
Figure FDA00036063002600000213
and
Figure FDA00036063002600000214
the proxy authorization is unsuccessful and needs to be carried out again; if the parameters
Figure FDA00036063002600000215
and
Figure FDA00036063002600000216
meet the above requirements, and
Figure FDA00036063002600000217
and
Figure FDA00036063002600000218
both hold, the proxy authorization is successful; then, the proxy signer calculates M ← H_1(W_A→B), A_P = U_i * M T and
Figure FDA00036063002600000219
wherein A_P represents the proxy public key and S_P the proxy private key;
S203: the proxy signer signs the message to be signed by using the generated proxy public and private keys;
specifically, the proxy signer first verifies whether the signature term and time satisfy
Figure FDA00036063002600000220
secondly, calculates
Figure FDA00036063002600000221
and, randomly selecting a parameter b ∈ {0,1}^n, calculates
Figure FDA00036063002600000222
then publishes the signature of the message m
Figure FDA00036063002600000223
5. The method for cross-device anonymous verification of medical data based on blockchain according to claim 4, wherein the method for the verifier to legally verify the proxy signature comprises:
S301: the verifier verifies the validity of the signature;
specifically, the verifier first verifies whether the signature term and time satisfy t_v < t_s and
Figure FDA00036063002600000224
wherein t_v is the current signature verification time; secondly, the signed message is verified: if the signature e_i satisfies ||e_i|| > T_1 and ||e_i|| > q/4, the signature is illegal and signing needs to be carried out again; if the signature e_i meets the above requirements, and
Figure FDA00036063002600000225
holds, the signature is legal;
S302: verifying, using an opening algorithm, that the signature e_i was signed by the proxy signer;
specifically, the verifier calculates
Figure FDA0003606300260000031
if r_i′ = r_i is satisfied, the signature is certified as indeed signed by the proxy signer; the opening algorithm is executed only when, under special conditions, the identity of the signer must be determined, that is, which member of the device subject group produced the signature; in general, however, the verifier can only verify that the proxy signature is a legal signature of the device subject group and cannot determine which member of the group produced it, thereby protecting the privacy and security of the signer.
6. The device for verifying anonymity of medical data based on block chain according to any one of claims 1 to 5, comprising a data collection module, an agent authorization module, a data signature module and a data verification module;
the data collection module is used by the intelligent medical equipment to collect electronic health records through monitoring and to aggregate the medical data reflecting the health condition of the patient;
the proxy authorization module is used by the subject group of the intelligent medical equipment to select the proxy signer, authorize the proxy signer and issue the proxy certificate;
the data signature module is used by the proxy signer to generate the proxy public key and the proxy private key from the proxy certificate, to sign the medical data information using the proxy public key, and to publish the proxy public key;
and the data verification module is used by the verifier to verify the validity of the medical data proxy signature using the published proxy public key.
7. A computer device according to any of claims 1-6, comprising a computer readable storage medium and a processor, the computer readable storage medium and the processor loading and executing a blockchain based medical data anonymity verification method.
8. The blockchain-based medical data cross-device anonymous authentication method according to claim 7, wherein the computer readable storage medium has stored therein a computer program, the computer program comprising program instructions, the program instructions being loaded by the processor and executing the blockchain-based medical data anonymous authentication method.
CN202210419459.XA 2022-04-20 2022-04-20 Medical data cross-equipment anonymous verification method, device and equipment based on blockchain Active CN115033912B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210419459.XA CN115033912B (en) 2022-04-20 2022-04-20 Medical data cross-equipment anonymous verification method, device and equipment based on blockchain

Publications (2)

Publication Number Publication Date
CN115033912A true CN115033912A (en) 2022-09-09
CN115033912B CN115033912B (en) 2023-04-25

Family

ID=83118986

Country Status (1)

Country Link
CN (1) CN115033912B (en)

Also Published As

Publication number Publication date
CN115033912B (en) 2023-04-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant